SQL Injection - Check if a website is vulnerable to SQL Injection
Quick check
Simply enter the following into the input fields of a webpage:
a'
If the website returns a SQL error then this indicates it is vulnerable to SQL Injection attacks.
TODO…continue this
A website will typically request some data from the user, for instance it may request a username to be entered.
Usually it would expect a username such as 'john' or 'joe bloggs'.
Behind the scenes, the username that is entered on the website is often verified against a database to check that it is actually a legitimate username. The SQL code that could be used might be something like this:
SELECT username FROM users WHERE username='<the_username_entered_on_the_website>';
or
$sql = "SELECT username FROM users WHERE username='{$_POST['username']}';"; // user input interpolated into the query unescaped
This database query would return the record that matched the username that was entered on the website.
However, if the system does not do some checking that the name entered on the website is
A quick
The character ' is used because it is the string delimiter in SQL. Strings are enclosed in ' characters, so sending one lets you test whether the application escapes the strings it builds its queries from. If they are not escaped, a ' in the input ends the string literal early and anything supplied after it is parsed as further SQL code.
The character ; terminates an SQL statement. If ; can be sent to an application and it arrives unescaped outside a string (see above), it ends the current statement, and a new statement can be placed after it, which is a security hole.
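The username lookup above and the quick check with a' can be reproduced offline. The following is an added example, not code from the original page: it builds a constructed in-memory SQLite table of usernames, runs the lookup once by pasting the input into the query text (as the page's PHP line does) and once with a bound parameter, and applies the quick check to each. The function names and the sample usernames are assumptions for this example.

```python
import sqlite3


def make_db():
    """Constructed sample database with the two usernames the page mentions."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("john",), ("joe bloggs",)])
    return conn


def lookup_vulnerable(conn, username):
    # Mirrors the page's query: the input is pasted straight into the SQL text,
    # so a ' in the input closes the string literal early.
    sql = "SELECT username FROM users WHERE username='" + username + "';"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, username):
    # The value is passed separately from the SQL text and is never parsed
    # as SQL, so ' and ; in the input are just characters of the value.
    sql = "SELECT username FROM users WHERE username=?"
    return [row[0] for row in conn.execute(sql, (username,))]


def quick_check(lookup, username="a'"):
    """Apply the page's quick check to a lookup function.

    Returns True when the stray quote makes the database raise an error,
    which is the symptom the page says indicates an injectable query.
    """
    conn = make_db()
    try:
        lookup(conn, username)
    except sqlite3.DatabaseError:
        return True
    finally:
        conn.close()
    return False


if __name__ == "__main__":
    print("string-built query raises on a':", quick_check(lookup_vulnerable))
    print("parameterized query raises on a':", quick_check(lookup_parameterized))
```

Only the string-built lookup fails the check; the parameterized one returns an empty result for a' without any error, which is what the escaping discussed above is meant to guarantee.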